joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feature: User Lockout (#4749)

Browse Source 
* Allows masterKey to lock _User object and prevent login with email / password

* Ensure the authData based auth can be locked out as well when accounts is masterKey only
This commit is contained in:
Florent Vilmart
2018-05-16 15:40:02 -04:00
committed by GitHub
parent bfd0c4bf2f
commit ad244d6654
3 changed files with 75 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/RestWrite.js
View File

@@ -282,7 +282,9 @@ RestWrite.prototype.findUsersWithAuthData = function(authData) {
RestWrite.prototype.handleAuthData = function(authData) {
let results;
return this.findUsersWithAuthData(authData).then((r) => {
results = r;
results = r.filter((user) => {
return !this.auth.isMaster && user.ACL && Object.keys(user.ACL).length > 0;
});
if (results.length > 1) {
// More than 1 user with the passed id's
throw new Parse.Error(Parse.Error.ACCOUNT_ALREADY_LINKED,
@@ -980,7 +982,7 @@ RestWrite.prototype.runDatabaseOperation = function() {
if (this.query) {
// Force the user to not lockout
// Matched with parse.com
if (this.className === '_User' && this.data.ACL) {
if (this.className === '_User' && this.data.ACL && this.auth.isMaster !== true) {
this.data.ACL[this.query.objectId] = { read: true, write: true };
}
// update password timestamp if user password is being changed